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I. INTRODUCTION 


A. BACKGROUND 


Webster’s New World Dictionary defines an agent as “a person or thing that 
performs an action or brings about a certain result, or that is able to do so.” The term 
agent has been used for many years in computer science to describe a program that 
performs a job on a user’s behalf. An agent normally executes on a single machine and 
performs tasks of varying complexity and ability. One use of agents can be found in 
today’s networks and distributed processing systems. “Key platforms, such as hosts, 
bridges, routers, and hubs, may be equipped with agent software so that they may be 
managed from a management station (Stallings, 1997).” The agent, in this case, monitors 
the node’s active status and responds to information requests from network management 
stations. Spelling checkers integrated in modern word processors can also be considered 
agents. They simply monitor or scan input text, reporting any differences between input 
strings and their own dictionaries to the main word processing program. 

Software agents are rooted mostly in the artificial intelligence and distributed 
systems areas of computer science. The availability of digital computers and the 
assumption that real world aspects can be symbolically represented gave rise to the 
research area of artificial intelligence at the Dartmouth Conference in 1956. The 
development of agent research has been influenced by five parent disciplines: control 
theory, cognitive psychology, artificial intelligence planning theory, object-oriented 
programming and distributed systems. (Muller, 1996) 

Control theory investigates the agent-world relationship from a machine-oriented 


perspective whereas cognitive psychology deals with behavior and motivation theory. In 


the 1970’s, classical artificial intelligence planning systems strongly influenced agent 
design, viewing the problem-solving behavior of agents as a sense-plan-act cycle. The 
1980’s brought the notion of the agent playing a central role in the research of distributed 
artificial intelligence. (Muller, 1996) 

Agents are historically divided into three classes: deliberative, reactive and 
interacting. Deliberative agents rely on an internal representation of their world, and base 
their actions on some form of complex symbolic reasoning. These agents are usually 
modeled on beliefs, desires and intentions. In the mid 1980s, a new school of thought 
emerged that was influenced by behaviorist psychology. It led to reactive agents. These 
agents make their decisions at run-time, based on environmental sensor input. They 
contain limited amounts of internal representation. The interacting agent class, beginning 
in the late 1980s, focused on the coordination process and on mechanisms for cooperation 
among autonomous agents rather than on the structure of these agents. In the past 
decade, a considerable amount of effort has been dedicated to combining these classes in 
order to overcome their individual limitations. (Muller, 1996) Blackboard Architecture 1s 
one example. 

Also in the 1980s, Minsky’s views became prominent in the world of agents and 
intelligence. Minsky distinguishes between agents and agencies. In Minsky’s Society of 
Mind, an agent is a simple non-intelligent part or process. On the other hand, an agency 
is a collection or society of these simple agents demonstrating the appearance of 
intelligence. (Minsky, 1985) 

With the advent of Java, there is renewed interest in the mobility of agents. The 


Java Virtual Machine and Java’s class loading model, coupled with serialization, remote 


method invocation and multithreading, have made prototyping mobile agent systems a 
fairly straightforward task. 

Mobile is defined as “moving, or capable of moving or being moved, from place 
to place.” Thus, a mobile agent can perform varying tasks and can move from host to 
host throughout a network. It has the ability to decide if and when it needs to move and 
then request to be transported to the desired location. While traveling through a network, 
it can search for information and execute commands at a remote server, eventually 


reporting back to its client when its task is complete (Kalakota, 1996). 


1. Mobile Agents in the Military 


Software agents offer tremendous potential in supporting the Department of 
Defense. Military intelligence analysts can benefit from a mobile agent that provides 
remote sensor observation, data collection and situation reporting. Perhaps the greatest 
benefit to the analyst is the dynamic nature of the agent. In a high operational tempo 
scenario with continually changing situations and requirements, an analyst can dispatch 
an agent with a request for information based on the most recent developments. An agent 
can also encode decision-making logic in order to make decisions while at remote 
locations. 

Another benefit to the military is the ability for a soldier in the field with a 
handheld device to dispatch an agent to a command and control center requesting further 
instructions or local area intelligence data. The soldier can then shut down the device, 
perform evasive ground maneuvers and then, at a later time, restart the device in order to 


retrieve the results of the request. 


Security is important to military users of mobile agents. The intelligence analyst 
needs precise information when providing Indications and Warning support to forward- 
deployed units and the soldier has to rely on his marching orders to stay out of harm’s 
way. Thus, an agent’s client must have the confidence and trust that a dispatched agent 


will execute in the manner desired and that all collected data are not corrupt. 
B. PROBLEM STATEMENT 


The objective of this thesis is to develop a trusted mobile agent model permitting 
a client to dispatch an autonomous agent into a network of databases and upon return of 


the agent, have confidence that the agent has not been subverted. 
C. APPROACH 


The approach is based on a trusted mobile agent model that uses a host-to-host 
authentication protocol and public-key cryptography. Agents originate from trusted hosts 
and are forwarded only to other trusted hosts. Every trusted host has a list of hosts which 
it trusts. Certificates issued by a central issuing authority are used in the authentication 
process. Mobile agents will be executed at remote hosts only following a successful 
authentication agreement. Upon an agent’s return to a client, we know the agent has 
visited only trusted hosts. Therefore, any returned results can be used with confidence. 
We believe that the trusted mobile agent model can be useful in realizing mobile agent 


applications in the military. 
D. THESIS ORGANIZATION 


Chapter II presents software mobile agents, providing examples that demonstrate 


practical mobile agent use. Chapter III presents a trusted mobile agent model, discusses 


the associated security risks and lists the simplifying assumptions. Chapter IV gives 
details of an implementation of the model in Java and explains mechanisms used for 
mobility and authentication. In Chapter V, a military related scenario is developed and 


discussed. Chapter VI provides a summary and conclusions. 





Il. MOBILE AGENTS 


A. WHAT IS A MOBILE AGENT? 


A mobile agent is considered autonomous and, in general, consists of executable 
program code, along with some form of execution state. It carries with it everything 
required to perform its tasks and need not rely on previously-visited hosts for execution. 
An agent can execute on a particular host and decide it needs to transfer to another host. 
It can then save its state, halt execution and forward itself to that host. Once it arrives at 
the new host, it may continue where it left off. 

With movement as a characteristic, a mobile agent should maintain a sense of 
location or host identification. A mobile agent may have a home from which it originates 
and can dispatch itself to a remote location or locations and perform programmed 
operations. Eventually it may return home with a result or communicate results back to 
the client via email or some other data transmission protocol. The agent’s journey may 
be predefined with a planned itinerary or destinations may be determined as it travels, 


depending on navigation decisions made at each stop. 
B. WHY MOBILE AGENTS? 


The benefits of mobile agents can be separated into two levels: a user level and a 
distributed-system level. 

At the user level, agents, in general, improve productivity by reducing client 
workload, allowing more time for other activities. Kalakota and Whinston (Kalakota, 
1996) list some typical reasons for software agents: managing information overload, 


decision support, repetitive office activity, mundane personal activity, search and 


retrieval, and domain experts. They also state the most important tasks performed by an 
agent are “gathering information, filtering information and using it for decision making.” 
These three benefits are valuable in a military setting. 

An intelligent mobile agent can travel throughout a network and make real-time 
decisions, requiring no interaction with the sender. While trying to satisfy a query, it can 
decide where it should go to find the necessary data for computation. Once there, it can 
perform data filtering on behalf of the sender and, when necessary, may either return 
home with the result or transmit it via other means. Since no communications are 
required while in transit, the agent’s client is free to perform other activities. This also 
permits the agent to respond more quickly to the client with the result of the query. 

The distributed-system level provides even more justification for military mobile 
agent applications. Military databases often contain large amounts of information such as 
own-force status and location, cartography details, forecasted weather data, 
reconnaissance findings, collected intelligence data and logistical statistics. Operational 
planning requires a large mix of all these extremely dynamic databases, which are rarely 
centrally located. Sending an agent out to search through these databases can prove to be 
more efficient than maintaining a continuous connection, say with a database server. A 
continuous connection often is unnecessary. 

Agents performing data mining may need fewer packets, depending on the type of 
filtering operation they perform. Consequently, distinguishing changes in the status of 
forces by monitoring network traffic becomes more difficult. 

Mobile agents offer the flexibility of providing immediate notification upon 


finding a desired piece of information during a data mining operation. For example, an 


agent could be programmed to search a list of hosts, collecting data along the way. If it 
collects certain information that is contained in a predefined high-priority set that it 
carries, then it may choose to transmit a response immediately back to the client. 

The advent of mobile devices, such as laptops and personal, handheld 
communicators are served well by mobile agent technology. Mobile devices share the 
following three characteristics which demand the kind of support provided by mobile 
agents (Harrison, 1995): 

e They are only intermittently connected to a network, hence have only 

intermittent access to a server. 


Even when connected, they have only relatively low-bandwidth connections. 
They have limited storage and processing capacity. 


Soldiers on the move, as mentioned in Chapter I, or submarines on missions that 
allow them to surface only when necessary, could be users of intermittent connections 
provided by agents. A military unit can formulate its request for information and 
dispatch the agent via a short burst communications transmission. The unit could then 
shut down communication lines, continue with the local mission at hand and, at a later 


time, re-establish communications and retrieve the mobile agent’s reply. 
C. EXAMPLES 


A popular example often used when describing commercial use of mobile agents 
is an airline reservation scenario. Versions of this scenario can be found in (Chess, 
1995), (Farmer, 1996) and (Yee, 1997). Farmer focuses on four hosts: a customer host, a 
travel agency host and two servers owned by competing airlines (Farmer, 1996). Chess 
uses a similar scenario (Chess, 1995). Yee studies a mobile agent that travels through a 
series of airline reservation servers (Yee, 1997). In both cases, it can be assumed that a 


travel agency programs the agent to provide a service for a customer. 


Generally, in these examples, a customer desires to make an airline flight 
reservation based on destination, flight time availability and lowest cost. An agent, 
acting on behalf of a client, visits a series of airline servers. At each server, the agent 
queries the flight database and stores the results. Having collected enough flight 
information, the agent decides on a travel plan based on the customer’s desires. The 
agent may then forward itself to the airline server with the “best” offer, make the 
reservation and, finally, return home with the results. 

There are a number of security concerns associated with this example based on 
the competitive nature of airline agencies in the commercial world. First, we must note 
that “it is impossible to hide anything within an agent without the use of cryptography 
(Chess, 1995).”” Cryptography can conceal collected data but does not prevent a 
malicious host from corrupting or deleting it. Also, in order for the agent to process the 
collected data it must be readable. This means it must not be encrypted or the agent must 
carry the decrypting key. Now since it is impossible to hide anything within an agent, the 
latter provides the malicious host the opportunity to obtain the key and read collected 
data. Therefore all hosts will have access to data contained within an agent’s state. 

In the airline flight reservation example, a malicious airline server could attempt 
to win business by altering flight records collected so far. The greedy server might raise 
its competitor’s fares in hopes of being chosen as the airline with the lowest cost or just 
delete the other records altogether. In these competitive commercial systems, secrecy 
and integrity are important. 

Another practical use of mobile agents 1s providing safeguards and counter- 


measures in distributed systems. The safeguard of intrusion detection in a network can 


10 


greatly enhance system security. Farmer describes an intrusion protection system of 
mobile agents that actively monitor network activity for suspected attacks. Once an 
intrusion has been detected, a response team of agents is deployed to activate the 
appropriate counter-measures. (Farmer, 1996) In the case of a network virus being 
detected, an agent could be sent out transporting a bug fix along with instructions for 
applying it (Black, 1997). Employing agents in these distributed detection and response 
systems makes use of an agent’s mobility, flexibility and decision-making capabilities. 

There are also security issues involved in these distributed intrusion detection and 
response systems. As mentioned in (Farmer, 1996), intruders could debilitate a host 
system on which the agents need to run by manipulating the server in some way or just 
causing it to crash. An intruder might insert hostile agents or attempt to alter or trick the 
legitimate agents into performing malicious tasks. These issues point out the importance 
of agent authentication, integrity and availability. 

Another example is procurement. Here multiple agents attempt to bid for goods 
or services offered by an auctioneer agent or host. This is considered a more complex 
model in (Chess, 1995). The agent’s goals and monetary resources must be hidden from 
other agents and untrusted hosts. Typical procurement examples include electronic 
malls, flea markets and sealed bidding auctions. This example provides a challenging 
security exercise in attempting to devise a method ensuring that each agent’s attributes 
remain secret. 

Agents can also be useful in the graphics world. Minar presents an example where 
a computer animation is being constructed by a large entertainment firm (Minar, 1996). 


A mobile agent first visits a host that holds the requirements of the construction. The 


Ag 


agent then moves to a ‘render farm’ and spawns many agents to produce the frames of the 
animation. Finally, the agent collects the frames and takes them to a final production 
host that combines the frames and packages the resulting movie. Depending on the 
proprietary concerns of the firm’s product, the secrecy and integrity requirements in this 
example can be critical. 

A mobile agent’s dynamic nature allows it to actively respond to real-time events 
in the fast-paced, changing world of distributed systems. Whether employed in a 
commercial application where electronic monetary accounts are of prime concern or in a 
military setting where a nation’s defense and human lives are at stake, mobile agent 
security needs to be addressed. This thesis addresses some of these issues in a military 
scenario, namely data mining, and develops an agent transmission protocol that permits 


use of mobile agents with confidence. 


| 


Il. AN APPROACH TO MOBILE AGENT SECURITY 


A. THE MOBILE AGENT MODEL 


What is our basic mobile agent model? The basic mobile agent model contains 
the following components: a mobile agent, a client, a network of hosts and host 
databases. 

A mobile agent, in general, consists of executable program code and some form 
of execution state. This model represents mobile agents as agent folders. An agent 
folder contains executable code, state information, a client’s identification and password 
and perhaps a session key. All gathered data or dynamic state information is stored in the 
state field of the folder. The client’s identification and password are provided in case 
client authentication is needed at remote hosts. If an agent is required to collect classified 
data then a session key is provided in order to encrypt the data while in transit. An agent 
packet is the basic container used to transport agent folders from host to host. 

The agents can be programmed to gather information, fuse the collected data, 
eliminate redundancies, highlight conflicting information and, lastly, summarize the 
results, creating a useful product. 

An agent executes at a host as long as it takes to complete its mission. If an agent 
has completed its mission and does not need to be forwarded to another host, then it 
terminates immediately. 

An agent may be dispatched to another host for one of the following reasons: 

e Initial dispatch from the client. 

e The agent determines that the requested information 1s not available on the 


current host and forwards itself onward to another host listed 1n a pre-planned 
itinerary. 
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e The current host could recommend other hosts it should visit that may have 
relevant information. 


e Dispatching could be triggered by the collection of a certain piece of 
information requiring the agent to return to the client for continued operations. 
For example, upon notification that a particular type of enemy aircraft has 
been launched from a particular airfield, the agent needs to go home to display 
the information and insert the data into the client’s database. 

An agent can forward itself, if necessary, to visit any number of hosts 
simultaneously. Further, an agent communicates only with hosts on which it resides. 
There is no agent-to-agent communication in this model for reasons of simplicity. 

The client is a user on the originating host. This is where the mobile agent 
initially executes. The client dispatches an agent and the agent returns to the client with 
its results. 

Network hosts are all interconnected machines, each providing similar socket 
connection services. Each network host has an agent packet server listening for a 
connection request to be received. Upon receipt, the executable code is run and the state 
information is made available for agent use. 

Databases reside on each host. They are considered read-only databases with 
respect to visiting mobile agents. Agents are given only read access on all hosts, except 
the originating host. This is done only to keep the model simple. The agent can access 
the databases either directly or via a system specific interface. Agent execution may 
differ according to mission or application and will be configured accordingly to interact 
with the intended database or system interface. Agent programmers have advance 


knowledge of database system interfaces on each machine that may be visited by the 


agent. 
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B. SECURITY RISKS 


Military operational environments often require requests for intelligence or 
targeting information. It is common for the results to be used in making decisions that 
could endanger human safety or affect delicate foreign relations. The basic model permits 
a host system to dispatch an autonomous agent throughout a network of databases, collect 
data and return a result. Associated with the basic model are a number of security 
concerns. 

Security threats to a system fall into three aspects: secrecy, integrity and 
availability. Secrecy ensures that users only access information to which they are 
allowed. Integrity means a process remains free from corruption and unauthorized 
changes. Authentication verifies the origin of the sender. Availability means that the 
computer system’s hardware and software keeps working efficiently and the system is 
able to recover quickly and completely if a disaster occurs. (Russell, 1991) 

A mobile agent has two generalized locations. The agent is either resident on a 
host or in-transit between hosts. While an agent 1s executing on a host it is vulnerable to 
all three security threats. As noted in Chapter IJ, hosts have access to all data contained 
in an agent. Agent secrecy, integrity and availability are all assumed to rely on the host 
being well behaved. 

An agent moving from host to host is susceptible to common network attacks. 
Communications media and equipment are points of vulnerability to any data being 
transmitted. A mobile agent can be monitored to obtain private information. The agent 


could even be altered with an unauthorized modification during network travel, resulting 
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in an integrity violation. Although denial of service attacks exist, they are beyond the 
scope of this thesis and are not considered. 
These threats to mobile agent secrecy and integrity are treated by the following 


protocol. 
Cc. SECURE MOBILE AGENT TRANSMISSION PROTOCOL 


We begin with a base protocol we call forward-and-authenticate. It does not 
require a certification authority and guarantees secrecy, integrity and authentication of 
mobile agent folders while in-transit. Then we describe a variation of this protocol called 
authenticate-forward-authenticate. It is based on the Secure Password Transmission 
Protocol (Volpano, 1997) and requires a certification authority. The Secure Password 
Transmission Protocol provides the secure transmission of a password from a client to a 
server followed by the secure transmission of information from that server back to the 
client. The Secure Mobile Agent Transmission Protocol, however, provides 
authentication and safe transmission of mobile agents from host to host. 

A public key cryptography system is used and it is assumed all hosts have access 
to the public key of the host to which they wish to forward an agent. It is also assumed 
that receiving hosts have access to the public key of the sender. See figure 1. When an 
agent executing on host A, requests to be dispatched to another host, B, the sending host 
encrypts the agent folder (af) with host B’s public key, Pp, to provide secrecy. Host A 
then uses a mutually available one-way hash function, H, to produce a hash of the agent 
folder, H(af). This hash is encrypted with Host A’s private key, Sa to produce (H(af))>. 
The encrypted hash of the agent folder will provide authentication and integrity and 


simulates a digital signature. We use a single key pair for both asymmetric cryptography 
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and digital signatures. The resulting agent folder, hash and host’s name are then sent to 


host B in the agent packet container (ap). 


Agent Folder 
$$$ —__> | (af) B, (H(af))SA, A 
ap( (af)PB, (H(af))$4, A) 


send agent folder to B 


if verifies using A’s public key 
[if user ID & password match] 
execute agent code 





Figure 1. Basic Secure Mobile Agent Transmission Protocol 


Upon receipt, host B decrypts the received agent folder with its private key, Sp, 
and uses the same hash function, H, to produce a hash of the received agent folder. The 
received hash is decrypted with the public key of host A, Pa. (If B has no public key for 
the host name provided in the folder, then it drops the folder.) If the two hashes match 
then the received agent folder is authenticated to be from host A and has not been 
modified. Host B then performs any necessary authentication of the client on whose 
behalf the agent wishes to execute. This will require the password in the agent folder. 
Finally B executes the agent. 

The same protocol applies whether the agent requests to be forwarded to another 


host or to return home. 


Ly 


A variation is now introduced where the connecting hosts do not know each 
other’s public keys. It is an authenticate-forward-authenticate protocol. Here a 
certificate-based system is used and it is assumed that all hosts have access to the public 
key, Pca, of a central certification authority, CA. Certificates in this model, CERT, and 
CERTza, include host name and public key only and are encrypted with the CA’s private 
Levent 

All connected hosts initially acquire the CA’s public key, Pca. Next, in order to 
receive mobile agent packages, a host obtains a signed certificate from the CA, 
(CERT,)°, containing the host’s identity and public key. At this point. the host is ready 
to send or receive mobile agent packages. See Figure 2. Agent packages also contain a 
boolean field indicating whether the agent packet 1s a certificate request or a packet 
containing the encrypted agent folder along with its hash and the host’s certificate. 
Empty fields are represented by null in the figure. 

When an agent requests to be dispatched, the sending host, A, connects to a 
remote receiving host B and requests a certificate for B. Host B replies by sending its 
certificate, (CERTp)°**, which is host B’s name and public key, encrypted with the CA’s 


private key. 
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Certification Authonty 
CERT, Sca/Pea CERT, 
(CERT,) <4 (CERT,) Sc 


S,/P, 
CA 
(CERT, )2<4 
Certificate Request 
ap( 1, null, null, null) 


send CERT, request to B 


send CERT reply to A 


Certificate Reply 
(CERT 2.)-<4 ap( 1, null, null, (CERT,,) 8°) 


if verifies & B’=B 


send agent folder to B 
Agent Folder 


ap( 0, (af) 8, (H(af)) 84, (CERT, ) 84) (af) "8, (H(af)) 4, (CERT,) 5¢4 


if ( verify P, is A’s public key 
& A € {Tmusted Hosts} 
& H(af) verifies using P, ) 
then execute agent code 





Figure 2. Secure Mobile Agent Transmission Protocol with Certificate Authority 


Upon receipt, host A decrypts host B’s certificate with the CA’s public key 
revealing a host name and associated public key. This confirms that the public key in the 
certificate is the public key of the received host name found in that certificate. Host A 
compares the received host name B’ with the requested host name B. If they match, host 
A now has host B’s public key. Next, as in the original protocol, the agent folder is 
encrypted with host B’s public key to provide secrecy, (af)'®. Host A then uses a 
mutually available one-way hash function, H, to produce a hash of the agent folder, 
H(af). This hash is encrypted with Host A’s private key to produce (H(af))**. The 
encrypted hash of the agent folder will provide authentication and integrity, and simulates 
a digital signature. Again, this method of signing, with the already available keys, allows 


the server to maintain only one set of keys per connected host instead of two. The 
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resulting agent folder, hash and Host A’s certificate, (CERT,)°® , are then sent to host B 
in an agent packet. 

Upon receipt, Host B decrypts the received certificate with the CA’s public key 
revealing a host name and associated public key. If host B chooses to communicate with 
the received host name, it decrypts the received agent folder with its private key and uses 
the same hash function, H, to produce a hash of the received agent folder. The received 
hash is decrypted with the public key of host A. If the two hashes match then the 
received agent folder is authenticated to be from host A and has not been modified. Host 
B then performs any necessary authentication of the client, using the password provided 


in the agent folder, and then executes the agent. 
D. SIMPLIFYING ASSUMPTIONS 


It is important to note that certain simplifying assumptions have been made in 
developing a model demonstrating that mobile agents can be used in confidence, 
employing the standard uses of public key cryptography and certificates. The following 
assumptions make this possible. 

In the ee world, it is common to communicate with, and request information 
from, a predetermined set of suppliers in which some degree of trust exists. Examples 
would be national and theater intelligence collection and analysis centers, mapping 
agencies, meteorological and oceanographic centers, etc. This model uses this 
characteristic in that it maintains a list of trusted hosts. Thus, agents will only be 
forwarded to other trusted hosts. 

All useful agents originate from a trusted host and are only forwarded to other 


trusted hosts. Any originating trusted host is the one from which an agent is launched 


20 


and to which it eventually reports the result of its execution. A trusted host promises to 
correctly execute agent instructions and not to violate the integrity of the software agent’s 
content. Included is the promise not to misuse the secret session key included in the 
agent folder which is used by a host to encrypt sensitive data in an agent’s folder. 

Trusted hosts promise to keep their servers secure from external attackers using 
common available methods such as firewalls, virus scanners and strong identification and 
authorization mechanisms. 

Each trusted host knows all other trusted hosts to which it is connected and which 
it trusts. A trusted host may be connected to other hosts that it considers not trusted or of 
unknown safety. A host will authenticate the public key of another trusted host on behalf 
of an agent prior to forwarding the agent to that host. A host will not attempt to transfer 
an agent to a host not considered trusted. 

All trusted hosts consist of an agent handler daemon and associated utility 
software including a public key cryptography suite. All trusted hosts use the Secure 
Mobile Agent Transmission Protocol, described in this thesis. 

A certification hierarchy will most likely be used in networks with a large number 
of trusted hosts. This model assumes a single CA is used. Certificates normally include 
a specific validation period and, upon expiration, new certificates are negotiated. This 
model assumes that certificates have unlimited lifetime and does not include timestamps 
in the certificates. Certificates sometimes use random numbers as one-time pads 
preventing replay. This model does not include generated random numbers in 
certificates. These methods and features treat important security issues. Certificates in 


this model include host name and public key only for reasons of simplicity. 
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These simplifying assumptions are essential to the success of this model. If an 
agent successfully returns to the original client then the result can be trusted. Here, 
trusted means the agent returns with results that can be obtained by visiting only trusted 
hosts in the network. The strength of this statement ultimately rests on the strength of 


public key cryptography and on the ability to keep private keys private. 
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IV. IMPLEMENTING MOBILE AGENT SECURITY IN JAVA 


A. THE BASIC PROTOTYPE 


The Java Virtual Machine and Java’s class loading, coupled with serialization, 
networking, multi-threading and the cryptography architecture have made prototyping the 
trusted mobile agent model a fairly simple task. The prototype was developed on four 
networked Sun SPARC Station 10 machines with the Solaris V2.5 operating system 
using JDK1.1. 

The mobile agent implementation is based on my advisor’s active network design 
and much of the source code is rooted in the exercises and projects from the CS3973 
Advanced Object-Onented Programming in Java course at the Naval Postgraduate 
School, Monterey, California. 

The implementation 1s a certificate-based authenticate-forward-authenticate 
protocol. The code differs slightly from the Secure Mobile Agent Transmission Protocol 
model in that Host A’s certificate is forwarded in the initial request verses being 
forwarded in the final agent packet which contains the agent folder. 

An agent packet is the basic container used to transport mobile agents from host 
to host. The agent packet contains an agent folder and a signed certificate using the 
Digital Signature Algorithm, DSA, supported by the cryptography architecture. A 
boolean flag indicates whether the packet is carrying an agent folder or a signed 


certificate. This flag is used in implementing the transport protocol. See Figure 3. 
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Figure 3. Agent Packet with DSA Design. 


The agent folder contains five members: originating client’s identification, user 


password, agent bytecode, agent state, a boolean value signifying if the session key is in 


use and a session key. A BA at the end of the variable name simply indicates the form of 


a byte array. 


public class AgentFolder implements Serializable { 


pubiere 
pub. 
jonbye JL ake: 
Pub] ile 
Public 
jervlenll alte: 


} 


SEring 
Serine 
byte[] 
byte (| 
boolean 
byte[] 


userID; 

password; 
agentCodeBA; 
agentStateBA; 
encrypted = false; 
sessionKeyBA; 


The basic mobile agent model implements a multi-threaded TCP server class 


called AgentPacketServer. This server listens for a connection request on port 


6011 (arbitrary) for an agent packet to be received. Once the server receives an agent 
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packet, it creates a new thread and adds it to a CPUScheduler, which handles the 
scheduling of incoming agents. 

The Agent PacketServer then organizes incoming agents into executable 
class files. It does this by instantiating the agentCode bytecode contained in the 
AgentFolder. The mobile agent’s source code is contained in the AgentCode class 


that implements the AgentCodeInterface: 


public interface AgentCodeInterface { 
public void exec(agentUtil.AgentFolder b, 
agentUtil.AgentCodeUtilityInterface u) 
throws Exception; 


The AgentCode class consists of the single method exec. This method contains the 
decision-making logic of the agent and is called by Agent PacketServer. The 


pseudocode for the military scenario can be seen in Figure 4. 


po, 










if at Joint Task Force Headquarters 
if initial visit 
forward agent to Theater Intelligence Headquarters 
else 
display collected data 





if at Theater Intelligence Headquarters 
search database for locations able to observe F-4 activity 
forward agent to Sub-Regional Intelligence Center 





if at Sub-Regional Intelligence Center 
search database for data related to F-4 activity 
forward agent Joint Task Force Headquarters 


Figure 4. Military Scenario pseudocode. 


The exec method takes, as parameters, the incoming agent folder and an instance 
of the AgentCodeUtility class. The agent folder is included to allow state 
manipulation and agent forwarding. The AgentCodeUtility class provides public 
utility methods that are available to agents on each host. An agent can retrieve the name 
of the local host using the get Location method. fwdAgent sends a serialized 
agent Packet to another host when requested by the agent. getState and 
saveState retrieve and store the state field of the agent folder. The AgentState class 
contains three fields: 


public class AgentState implements Serializable { 
public boolean initialVisit; 
DUbIAGeSbhing tempDestinarrvoen, 
public Strang colleetedbDaca, 
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initialVisit is set to true when first executing on the originator’s host. This allows 
the agent to know when it has returned from its travels. tempDestination stores a 
variable host name permitting the agent to alter its itinerary based on collected 
destinations. Information collected along the way is stored in the collectedData 
field. The getDestination and getData methods read from a file to simulate 


accessing a database. 


B. JAVA IMPLEMENTATION OF SECURE MOBILE AGENT 


TRANSMISSION PROTOCOL 


The certificate authority is simulated by the BuildCertificate class 
included on each host. BuildCertificate creates a certificate and inserts the local 
host’s name and DSA public key. DSA digital signature support is provided by the Java 
Cryptography Architecture. This is used to simulate the model’s use of a public key 
cryptography standard, such as RSA, which is not implemented by the Java 1.1 API. (It is 
available in JSafe 1.0, though.) 

BuildCertificate then encodes the certificate by signing it with the 
certificate authority’s DSA private key. All hosts are manually preloaded with the 
certificate authority’s DSA public key simulating CA access. 

Following a fwdAgent request and prior to sending an agent folder, the 
destination must be authenticated. This is accomplished in the private 
destinationAuthenticates method of the fwdAgent utility method. See 
Figure 5. The local signed certificate is retrieved from the cert file, loaded in an agent 
packet and sent to port 6011 on the destination host. At the destination host, the 


Agent PacketServer reads the incoming packet and decodes the signed certificate. 


Magi 


It then checks to see if the host name in the certificate is a member of a set of trusted 
hosts. If it is, a reply in the form of an agent packet including the destination host’s 
signed certificate is sent to port 6012 of the source host. The 
destinationAuthenticates method continues at the souce host by reading the 
incoming reply and decoding the signed certificate. A check is made to ensure the 
received certificate’s host name is the same as the request destination. If it is, the 
destination has authenticated and the agent folder can be forwarded. 

The agent folder is signed with the local host’s DSA private key and sent to port 
6013 of the destination host. Here the Agent PacketServer continues on the 


destination host and decodes the agent packet by verifying the signature. 
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Figure 5. fwdAgent Authentication Protocol 
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A user identification check is then made. This simulates the possible need for an 
agent originator to maintain account information at the destination host. Following this 
check the agent is executed as described above. 


The classes and interfaces for this implementation are shown in Figure 6. 
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Figure 6. Classes and Interfaces 
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V. A MILITARY SCENARIO FOR MOBILE AGENTS 


A. DATA MINING 


The following is a military scenario exemplifying, agent activation, dispatching 
and returning home. It is a data mining scenario, using agents to search a network of 
intelligence-related databases. The data being mined Is specific to intelligence, but can 
be generalized to any information type. Other types of military related information types 
include weather, cartography and logistics. 

The players in this scenario are a Joint Task Force Headquarters, a Theater 
Intelligence Headquarters and two Sub-Regional Intelligence Centers. See Figure 7. The 
Joint Task Force Headquarters is an integrated service composition charged with tactical 
command and control of a specific military mission. Examples of military missions 
include strike operations, non-combatant evacuation operations, amphibious assaults, 
disaster relief, etc. The Theater Intelligence Headquarters is the regional intelligence 
information manager. It provides operational tasking for many Sub-Regional Intelligence 
Centers. The Sub-Regional Intelligence Centers are basic intelligence data collection 
agencies located on land, air and sea based platforms. They contain various sensor types 
and provide specialized intelligence information. This information can be based on radar 
data, imagery, visual contacts, etc. 

The Joint Task Force Headquarters in this scenario is planning an air strike 
operation targeted at some enemy location. During this strike mission, a number of 
friendly aircraft will fly over the area of interest and drop a payload of bombs intent on 


destroying the target. Of concern to the Joint Task Force Headquarters is an enemy 


33 


Joint Task Force 
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Figure 7. Military Data Mining Scenario 


airfield near the target which could launch a defensive sortie of say, F-4 fighter aircraft. 
This enemy sortie could interfere with the mission. 
Prior to ordering the friendly aircraft to launch, the Joint Task Force Headquarters 
needs to be aware of any enemy aircraft activity at the airfield in question. 
A request is made by a user at the Joint Task Force Headquarters to find out if any 
F-4 fighter aircraft activity has been observed at the enemy airfield. An agent is activated 
and given the following tasks: 
e Goto the Theater Intelligence Headquarters and find out if enemy F-4 fighter 
aircraft can be launched from the airfield. 
Find out where this activity can first be observed and go there. 
Collect any recent F-4 related activity and return with the collected details. 


The agent dispatches to the Theater Intelligence Headquarters and receives a 


positive confirmation to the first query. The second query is responded to by advising the 
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agent to visit two Sub-Regional Intelligence Centers tasked with covering the airfield. 
These include a land based radar station and an overhead sensor center. The agent then 
dispatches itself to each suggested location and queries the local databases for indication 
of any F-4 aircraft activity. One of the agents soon sees an F-4 launch report associated 
with the airfield and immediately returns home to report the activity along with launch 
time and number of aircraft launched. The other agent also retrieves a similar launch 
report and returns home confirming the earlier report. 

By using the trusted mobile agent model described in Chapter III, the Joint Task 
Force Headquarters can, with confidence, make critical decisions based on the data 
collected at the trusted remote sensor sites. They are assured the results to their queries 
are authentic and accurate. They also know the data has been kept private and not 
disclosed to the enemy based on the level of public key encryption used in the 


implementation. 
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VI. CONCLUSION 


This thesis has demonstrated that a trusted mobile agent model can be useful in 
realizing agent applications in the military. This is based upon the assumption that all 
useful agents originate from a trusted host and are only forwarded to other trusted hosts. 
This is a valid assumption in the military world where it is common to communicate with 
a predetermined set of agencies among which some degree of trust exists. This model 
requires that each host maintain a list of hosts that it can expect will send only 
trustworthy agents and not malicious code. 

The approach employs the Secure Mobile Agent Transmission Protocol using 
public key cryptography. One version of it requires storing host public keys on each 
host. Another version allows more flexible re-keying, but depends on certificates signed 
by a certification authority. This version is useful when a host’s public key must change, 
for example, if its private key has been compromised or revoked. Since hosts do not 
store each other’s public keys, re-keying a host merely amounts to issuing a new 
certificate for it. Of course re-keying the certificate authority would affect all hosts. 

Although a mobile agent system could be implemented in any programming 
language, Java is a natural choice with its built-in support for networking and dynamic 
class loading. Java exhibits platform independence. This is crucial for these software 
agents that are mobile and execute in a heterogeneous domain, like the Internet. Java 
also provides serialization for easy storage of object state, allowing data to be transported 


from host to host. 


oy 


Another agent-based military scenario can be found in (Edmiston, 1998). Their 
scenario is similar and is used to describe a framework for an agent-based decision 
making application. 

This thesis attempts to show that a client can dispatch an autonomous agent into 
an open network of known trusted databases and upon return of the agent, have 
confidence in its results. Obviously this is important in military operational 
environments where results returned by an agent may be used in making decisions that 


could endanger human safety or affect delicate foreign relations. 
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APPENDIX A. MOBILE AGENT CODE 


a. INTRODUCTION 


The mobile agent implementation is based on my advisor’s active network design 
and much of the source code is rooted in the exercises and projects from the CS3973 
Advanced Object-Oriented Programming in Java course at the Naval Postgraduate 
School, Monterey, California. 

The implementation is a certificate-based authenticate-forward-authenticate 
protocol. The code differs slightly from the Secure Mobile Agent Transmission Protocol 
model in that Host A’s certificate is forwarded in the initial request verses being 
forwarded in the final agent packet which contains the agent folder. 

The mobile agent code is grouped into two sections, the primary code and the 
AgentUtil package. 

The primary code section contains the classes that generate DSA keys and build 
the certificates used in the model implementation. Also included are the Agent Packet 
Server, Start Agent, Agent Code, Agent Code Utility and Mobile Agent Security 
Manager classes. 

The AgentUtil section contains the classes and interfaces used in support of the 
primary code. 

The third section of this appendix contains the data and destination files used in 
simulating databases in the network. Also included is a printout of the originating host’s 
display following a successful run of the agent. 


Ze PRIMARY CODE 


J [BRK KR KR ee tee ee ee ee de ee eke ee ee ee ee ee ee eke ae ke ek ee ke ake ete ok eee ke ee ke ee tek ee 


// File: AgentCode.java 

// Name: LT Roy J. Virden 

// Date: 25 November 1997 

// Advisor: Professor Dennis Volpano 
// System: SCObaris Ze) JPKiS!. 2 


[ [BR RK KR RR ke ek ke ee ee eek ee te oe ee ee ee ee tee ee ee ee eke a ee ee de ee ete eke eke eee eke ee ee 


maoort java.1o0.*; 
minoort agentUtil.~; 


public void exec(AgentFolder af, AgentCodeUtilityInterface u) 


oo 


throws Exception { 


AQGentstate as = U.getsbarcevae 


is 


} 


fy. 
a 


a) 
i i 


("ro0140203.cc.nps.navy mil -equals (u.gqeumecatton m1 
Zi (aS.initialVisit == true) { ]/ Agee visits — tae 
aS.initialVisit = false; 
System.out.printin("agentCode: I'm at Home (" + 
U- getLocation (iam |) s.r, 
af.agentStateBA = u.saveState(as); 
System.out.printlin("agentCode: forwarding agent to TIHQ"); 
u.fwdAgent (af, "rol40204.cc.nps.navy.mil") ; 
} 
else { 
System.out.println("agentCode: I have returned Home (" + 
u. getLocation ()4 se 4); 
System.out.println("agentCode: returned data requested:"); 
System.out.printlin("agentCode: " + as.collectedData); 
} 
we know location of TIHQ 


("rol40204.cc.nps.navy.mil".equals(u.getLocation())) { 
System.out.printlin("agentCode: I'm at TIHO (" + 
usgetLocatrom@rr  "))> 


// here we run through a database and an agent is forwarded 


// to each site able to observe F4 activity. 
// agentState.destination field is used 


as.tempDestination = u.getDestination("dest/destinationl"); 


af.agentStateBA = u.saveState(as); 
System.out.printlin("agentCode: forwarding agent to SRIC (" + 
as.tempDestination + ")"); 


u.fwdAgent (af, as.tempDestination) ; 


as.tempDestination = u.getDestination("dest/destination2") ; 


af.agentStateBA = u.saveState(as); 
System.out.println("agentCode: forwarding agent to SRIC (" + 
as.tempDestination + ")"); 


u.fwdAgent (af, as.tempDestination) ; 


compare current location against agentState.destination field 


((as.tempDestination) .equals(u.getLocation())) { 
SYSEeCM-.OuL. printin(“ageneGode: I’m a SRICG ("4 
Usgeebocarion() +r) ay 


// search a database and store data field in agentState.data 
// for each data entry related to F4 activity 
// and then forward the agent home 


as.collectedData = u.getData(); 


af.agentStateBA = u.saveState(as); 
System.out.println("agentCode: forwarding agent to Home"); 
u.fwdAgent ar, -““rol402037ce.nps.hnavy.mal j- // go home 
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[ [BR RK RR KK RR ee ttt kkk IR OR Ok Ok Rk Rk kk kk kok kkk kk kk kk kk 


(Ai Meal Wer AgentCodeUtility.java 

// Name: LT Roy Uae rden 

// Date: 29 November 1997 

// Advisor: Professor Dennis Volpano 
// System: Solaris V2.5 gre 1.2 


[BOR RR Ke ke ke eR RR RI RR RO kk kk ke kok 


iMpent java.net.*; 
MMeorte java. lows; 
ipOre java.util. 4s; 
UNpOnrt java, SeCUrlty.-; 
ZMOort agencvUtil.*; 


public String getLocation() { 
String localHost = null; 
fee 
localHost = InetAddress.getLocalHost().getHostName (); 
} catch (Exception e) { 
SyVSeemOueepraimeln (ec) 7 
} 


return. Local Hose: 


public void fwdAgent (AgentFolder af, String destination) 
throws Exception { 


try { 
/ /---------- 
// create AgentPacket and authenticate destination 
//---------- 
AgentPacket ap = new AgentPacket (true); 
if (destinationAuthenticates(destination, ap) == true) { 
/ /--~-------- 
// set AgentPacket to agent, serialize, sign and send 
/ [---------- 
ap.certificateRequestReply = false; // flag agent packet 
ap.signedCertificateBA = null; // remove certificate 


byte[] afBA = serialize(af); 
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// 


// get privateKey, sign agentFolder byte[], pack & send it 


FileInputStream fisPrivateA = new FileInputStream("keys/" + 
this.qetlocation() + 
"or yacche ay 
ObjectInputStream oisPrivateA = 
new ObjectiInputStream(fisPrivateA) ; 
Signature dsa = Signature.getInstance ("DSA"); 


dsa.initSign((PrivateKey) oisPrivateA.readObject()); 
dsa.update (afBA); 

byte [] afBASignature = dsa.sign(); 
ap.agentFolderBA = afBA; 
ap.agentFolderBASignature = afBASignature; 

byte[{] apBA = serialize(ap); 


sendAPBA(destination, 6013, apBA); 


System.out.printin("Destination Authenticated"); 
System.out.printlin("agentPacket forwarded to " + 
destination); 


} // end if (destinationAuthenticates(destination,ap) == true) 
else System.out.println(destination + 
" failed to authenticate!"); 


} catch (Exception e) { 


System.out.println(e); 


private static boolean destinationAuthenticates (String dest, 


(goto 


AgentPacket ap) 
throws Exception { 


FileInputStream fisSCBA = new 
Filcinpumseream( certs/SCBA Certificate”); 

ObjectInputStream oisSCBA = new ObjectInputStream(fisSCBA) ; 

ap.signedCertificateBA ((byte[]) oiSSCBA.readObject()); 

byte[] apBA = serialize(ap); 

sendAPBA(dest, 6011, apBA); 


AgentPacketServer. java) 


// read returning AgentPacket reply, deserialize and cast 


byte[} incomingObject = new byte[65507]; 
ServerSocket ss2 = new ServerSocket (6012) ; 


43 


Socket s2 = ss2.accept(); 
receiveAPBA(incomingObject, s2); 
ss2.close(); 


ap = (Agent Packet) (deserialize (incomingOb)ect) ); 
al 

// handle certificate 

a ea 

if (ap.certificateRequestReply == true) { 


CertificateClass c = new CertificateClass(); 
ByteArrayInputStream bais = 

new ByteArrayInputStream(ap.signedCertificateBA) ; 
c.decode (bais); 


// save received public key to file 
// (may be used in RSA implementation) 


FileOutputStream fosPublic = 
new FileOutputStream("keys/" + 
c.principal.getName() + 
Paeuioleckey); 
ObjectOutputStream oosPublic = new 
ObjectOutputStream(fosPublic); 
oosPublic.writeObject (c.publicKey) ; 
fosPublic.close(); 
oosPublic.close(); 


return true; // return from successful authentication 


} // end if (c.serverName.equals (dest) 
else { 
System.out.println("ACU: Cert principal does not match 
destination! "); 
return false; 


} 


} // end if (ap.certificateRequestReply == true) 
else { 
System.out.println("Cert reply not received!"); 
return false; 


} 
} catch (Exception e) { 
SVstemeoul. prinuln(e)> 


return false; 


} 


} // end method 
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// sendAPBA method 


I gall aan 
private static void sendAPBA(String destination, 
int sport, 
byte[] apBA) 
throws Exception { 
Socket s = new Socket (destination, port); 


OutputStream os = s.getOutputStream(); 
os.write (apBA); 

os.close(); 

s.close(); 


private static byte[] receiveAPBA(byte[{] incomingObject, Socket s) 
throws Exception { 


InputStream is = s.getInputStream(); 

‘ies preter 

int len = 0; 

while ((cc = is.read()) != -1) 
incomingObject[lent+t+] = (byte)cc; 


is.close(); 
S.Gillese () ; 
return incomingObject; 


private static byte[] serialize(Object obj) throws Exception { 
ByteArrayOutputStream baos = new ByteArrayOutputStream(); 
ObjectOutputStream oos new ObjectOutputStream(baos) ; 
oos.writeObject (obj); 
eos. itlusnt); 
oos.close(); 
return baos.toByteArray(); 


// deserialize method (from byte[] to Object) 


private static Object deserialize(byte[] ba) throws Exception { 
ByteArrayInputStream bais = new ByteArrayInputStream(ba); 
ObjectInputStream ois = new ObjectInputStream(bais) ; 
ois.close(); 
return ois.readObject (); 


45 


public AgentState getState(AgentFolder af) throws Exception { 
return (AgentState) (deserialize(af.agentStateBA) ); 


// saveState method (from AgentState to byte[]) 


public byte[] saveState(AgentState as) throws Exception { 
return serialize(as) ; 


public String getDestination(String nextDest) throws Exception { 
FileInputStream fis = new FileInputStream(nextDest) ; 
DataInputStream dis = new DataInputStream(fis); 
return dis.readLine(); 


public String getData() throws Exception { 
FileInputStream fis = new FileInputStream("data/IntelData") ; 
DataInputStream dis = new DatalInputStream(fis); 
return dis.readLine(); 
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[OB KK Re I ke ae a ke ae dee ee ee ee kee ee ee Hee eke ke ke ek ie ek ee ee 


jy erie: Agent PacketServer.java 
// Name: LT Roy J. Virden 

// Date: 29 November 1997 

i/ PAVISOY: Professor Dennis Volpano 
// System: Solamicey2. 5 JDK1.1.2 


[ [RRR KK I Kk eR eR ee ee RK a ek ae ie ek He ee ee He ee ee ee ee ee ek kk 


LMpOrt java,lo-. 77 
import jJava.net.*; 
import agentUtil.*; 
Mmport Javavsceucery. ~; 


// AgentPacketServer class Command: java AgentPacketServer & 


// main sets the system security manager. Then it listens 


for a connection request, on port 6011, for an agent 
folder. A new Thread is created and 

added to the CPU scheduler which handles the incoming 
agent packets. 


public static void main(String args[{]) throws Exception { 


SecurityManager secMgr = new MobileAgentSecurityMgr (); 
System.setSecurityManager (secMgr) ; 


Eeye t 


CPUScheduler cpuScheduler = new CPUScheduler (50) ; 
couscheduler. stage) 


Thread MobileAgentThread; 
// allows multiple threaded clients on local port 6011 
ServerSocket ssl = new ServerSocket (6011); 


while (true) { 
// accept connection from client 
MobileAgentThread = new AgentPacketHandler(ssl.accept()); 
cpuScheduler.addThread (MobileAgentThread) ; 
MobileAgentThread.start(); 


} 


} catch (IOException e) { System.out.println(e) ;} 
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class AgentPacketHandler extends Thread { 


Socket sock; 


OE I 
aecOnstructor 
ee 
public AgentPacketHandler (Socket s) { 
this.sock = s; 
} 
[ {= -->-->>> > += > _- aa 
// threaded run method 
//----=>-_-_ >. ae 
public vold=run Gan 
try { 
atria of 
// read incoming AgentPacket request, deserialize and cast 
|e aii ge a 
byte[] incomingObject = new byte[10000]; 
receiveAPBA(incomingObject, sock); 
AgentPacket ap = (AgentPacket) (deserialize (incomingObject) ); 
System.out.printin("APS: ap.certificateRequestReply = " + 


ap.certificateRequestReply) ; 


/ /---------- 
// handle certificate 

/ /---------- 

if (ap.certificateRequestReply == true) { 


CertificateClass c = new CertificateClass(); 
ByteArrayInputStream bais = 

new ByteArrayInputStream(ap.signedCertificateBA) ; 
c.decode(bais); 


j/ cheek 11st of trustedenoscs 


rf ( ¢c.principal sequaleie 15140203 .cesnps.navy.mil” 
c.principal.equals( "rol40204.cc.nps.navy.mil" 
c.principal.equals( "rol40206.cc.nps.navy.mil" 
e.principal.cqualsij.7o14020) .ce-nps navyema 


Nee ee ee ee 
—_ 
ee tee 


// set AgentPacket reply, get cert, serialize & send 


ap.certificateRequestReply = true; 
FileInputStream fisSCBA = new 

File lnpittst ream certs/ DCBANCerE TL Came), 
ObjectInputStream oisSCBA = new 
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ObjectInputStream(fisSCBA) ; 
ap.signedCertificateBA = 

( (byte[])oisSCBA.readObject()); 
byte[] apBA = serialize(ap); 
sendAPBA(c.principal.toString(), 6012, apBA); 


// (goto AgentCodeUtility.java) 


/ /---------- 
// read incoming AgentPacket byte[], deserialize & cast 
//---------- 

ServerSocket ss3 = new ServerSocket (6013); 

Socket s3 = ss3.accept(); 


receiveAPBA(incomingObject, s3); 
ss3.close(); 


ap = (AgentPacket) (deserialize (incomingObject) ); 
| /--==S5 cee 
// nandle agentFolder 
| ( =2"=S==s0e 
if (ap.certificateRequestReply == false) { 
if (verifyAgentFolder(ap, c) == true) { 


System.out.println("APS: agentFolder verified!"); 


AgentFolder af = 
(AgentFolder) (deserialize (ap.agentFolderBA) ); 


/iecheek list of trusted Originating nosts 
7//\coptzona! | 


AgentCodeUtilityInterface util = new 
AgentCodeUtility(); 

CodeLoader codeLoader = new CodeLoader (); 

AgentCodeInterface agentCode = 
codeLoader.getActive (af.agentCodeBA) ; 

agentCode.exec(af, util); // start agent code 


) // end if (af.userID.equals("rjvirden") ) 
else System.out.println("APS: User not 
authenticated!"); 


} // end if (verifyAgentFolder(ap) == true) 
else System.out.printin("APS: Agent does not 
verry!) 


} // end if (ap.certificateRequestReply == false) 
else System.out.println("APS: Agent Folder not 
received!"); 
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} // end if(c.principal equals) 10140804 -cc.nps .navy. mil" 


else System.out.printlin("APS: “ + c.principal.getName() + 
oom scrusted! "jy; 
} // end if (ap.certificateRequestReply == true) 
else System.out.printin("APS: Certificate Request not 
received!"); 


} catch (Exception e) { 
system. out..printin(VAPS rum method exception: “ + e); 


} 


} // end run 


(SaaS Se 
// sendAPBA method 
{ [---------- 
private static void sendAPBA(String destination, 
Ge DO te, 
byte[] apBA) 
throws Exception { 
Socket Ss = new Socket (destination, port); 
OutputStream os = s.getOutputStream(); 
os.write(apBA); 
os.close(); 
s.close(); 
} 
(eS SSS S555 
// receiveAPBA method 
{ [---------- 


private static byte[] receiveAPBA(byte[] incomingObject, Socket s) 
throws Exception { 


InputStream is = s.getInputStream(); 

int Ce; 

int len = 0; 

while ((cc = is.read()) != -1) 
incomingObject[lent+] = (byte)cc; 


is.closeq); 
s.close(); 
return incomingObject; 


private static Object deserialize(byte[] ba) throws Exception { 
ByteArrayInputStream bais = new ByteArrayInputStream (ba); 
ObjectInputStream ois = new ObjectInputStream(bais); 
ois.close(); 
return ois.readObject(); 
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private static byte[] serialize(Object obj) throws Exception { 
ByteArrayOutputStream baos = new ByteArrayOutputStream(); 
ObjectOutputStream oos new ObjectOutputStream(baos) ; 
oos.writeOb ject (obj); 
Oos- flush) 
OOS.-ClOse()- 
return baos.toByteArray(); 


private static boolean verifyAgentFolder(AgentPacket ap, 
CertificateClass c) 
throws Exception { 

Signature dsa = Signature.getInstance ("DSA") ; 

dsa.initVerify(c.publicKey) ; 

dsa.update(ap.agentFolderBA) ; 

boolean verified = dsa.verify(ap.agentFolderBASignature) ; 

return verified; 


} 


} 7/ end class 
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[[**** 


KKK KKK KK KKK KKK KKK KKK KKKKK KKK KKK KK KKK KKK KKKKK KKK KK KKK KKK KKK KKK KKK K 


/7 Fale BuildCertificate.java 
// Name: LY Roy J. Virden 
// Date: 24 November 1997 
// Bdviserm Professor Dennis Volpano 
// System: Solaris V2.5 WODKiIe1.2 
[ [BR RR RK RR RR KR RR RR kk OR kk kk ek kk kk kk OR RR ok kkk kkk kk 
import agentUtil.*; 
import java.io.*; 
import java.security.*; 
import java.net.*; 
VS eae 
// BuildCertificate class 
ISIN NS SS SS ES ae 
class BuildCertificate { 
[for a=s 2+ == S aee 
// main 
| |~------------------- 
public static void main(String [] args) throws Exception { 
Oe Si ae as 
// get local host name and initialize principals 
//---------- 


AgentCodeUtilityInterface util = new AgentCodeUtility(); 
PrincipalHost ph = new PrincipalHost(util.getLocation()); 
PrincipalHost pCA = new PrincipalHost ("CA"); 


//---------- 

// create certificate and get members 

/ /---------- 

CertificateClass c = new CertificateClass(); 
G2principal = ph; 

FileInputStream fisPublic = new FileInputStream("keys/" + 


phageeNane() + (publiche ae 
ObjectInputStream oisPublic = new ObjectInputStream(fisPublic) ; 


c.publickey = ((PublicKey) oisPublic.readObject()); 
C-Guaranctor = pCA; 
GC. Eormat = "DSA"; 


fisPublic.close(); 
O1SPublic.close(); 


// get outputStream to file and encode certficate. 
Ta this implementation of encode performs a DSA signing. the 


We resulting byte array is then written to the output stream 
yy specified as an input parameter (a file in this case). 
ee 

FileOutputStream fosSCBA = new 


FileOutputStream("certs/SCBA Certificate"); 
C- encode (tes oCEe), 


SZ 


J [BRR RR RR KK RRR Ok ee ee ek ke ee ek kk kk RR RR RRR Rk Rk Rk ok kk ok ek 


// File: CertificateClass.java 

// Name: LT Roy J. Virden 

// Date: 25 November 1997 

// Advisor: Professor Dennis Volpano 
// System: Solamise v2.5» JDK1.1.2 


[ [RRR RRR KR KR KK RK KK KR RK KK RR KR RK KR Kk ee kK RR ek RR kk RR kk Rk kk Rk Kk RK kK 


import agentUtil.*; 
MiPOrteyavas:LO. , 
TMPOLrk Fava, secuLriey.*; 


lf 
// CertificateClass class (must be able to access keys and certs 

a directories) 

aes a a ee eee ee ee ee eee 


public class CertificateClass implements Certificate, Serializable { 


Publte se raneipa lL iprainerpal ; 
public Publickey publickey; 
Publi C SPrinei pal Gquaranrcor; 
pull ess tang format; 


public CertificateClass() { 
this.super(); 


bublic String Ggerrormat ( ) 
Geward chats se cme, 


ea mars oe a eee 

// getGuarantor method returns guarantor 
1 aad chal an aod heal aad Pol ot 

public Principal getGuarantor() { 


return this.guarantor; 


pubmie serine pal gee Principal () { 
return this.principal; 


} 


DS 


public PublicKey getPublicKey() { 
return this.publickey; 


Public String toString (soolean bool) { 
return this.getPrincipal().getName() ; 


// serialize 'this' certificate to a byte array 


byte[] cBA = serialize(this); 


// get CA privateKey, read byte[] message and sign it 


FileInputStream fisPrivateCA = 
new FileInputStream("keys/" + this.guarantor.getName() + 
" privateKey"); 
ObjectInputStream oisPrivateCA = new 
ObjectInputStream(fisPrivateCA) ; 
Signature dsa = Signature.getInstance("DSA") ; 
dsa.initSign((PrivateKey) oisPrivateCA.readObject()); 
dsa.update(cBA) ; 
byte [{] cBASignature = dsa.sign(); 
fisPrivateCA.close(); 
oisPrivateCA.close(); 


ES Ae 

// create signed certificate, get members and serialize 
aa ==-—— 

SignedCertificate sc = new SignedCertificate(); 
sc.certificateBA = cBA; 
sc.certificateBASignature = cBASignature; 

byte[] scBA = serialize(sc); 

Vy aaa tnalice ashe 

// write certificate to file 

f [== 32S2==s5 


ObjectOutputStream oosSCBA = new ObjectOutputStream(fosSCBA) ; 
oosSCBA.writeObject (scBA) ; 
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fosSCBA.close(); 
oosSCBA.close(); 


} catch (Exception e) { 
System.out.println("CertificateClass.encode exception: " + e); 


public void decode(InputStream bais) { 


Ceyra 
//---------- 
// deserialize inputStream (ap.signedCertificateBA in this 
Gh case) 
//---------- 


ObjectInputStream ois = new ObjectInputStream(bais); 
SignedCertificate sc (SignedCertificate) (ois.readObject()); 
boolean verified verifyCertificate(Sc); 
ois.close(); 


// if certificate verifies, deserialize and load 'this' 
1s Gertifiecate 
/7 with incoming certificate fields 


if (verified) 4{ 
CertificateClass tempCert = 
(CertificateClass) (deserialize(sc.certificateBA) ); 


this.principal = tempCert.principal; 
this.publicKey tempCert.publicKey; 
this.guarantor = tempCert.guarantor; 
this.format tempCert.format; 


} 


} catch (Exception e) { 


System.out.printlin("CertificateClass.decode exception: " + e); 
} 
} 
[ pp ases-- SSS SaSSSsS = 
// serialize method (from Object to byte[]) 
| a ie a el 


private static byte[] serialize(Object obj) throws Exception { 
ByteArrayOutputStream baos = new ByteArrayOutputStream(); 
ObjectOutputStream coos = new ObjectOutputStream(baos) ; 
oos.writeObject (obj); 
COS. Pus ton, 
00S. close (); 
return baos.toByteArray(); 
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// deserialize method (from byte[] to Object) 


private static Object deserialize (byte[] ba) throws Exception { 
ByteArrayInputStream bais = new ByteArrayInputStream(ba); 
ObjectInputStream ois = new ObjectInputStream(bais) ; 
ois.close(); 
return ois.readObject (); 


// verifyCertificate method (get CA publicKey and verify) 


private static boolean verifyCertificate(SignedCertificate sc) 
throws Exception { 
FileInputStream fisPublicCA = 
new FileInputStream("keys/" + "CA" + " publicKey") ; 
ObjectInputStream oisPublicCA = new 
ObjectInputStream(fisPublicCA) ; 
Signature dsa = Signature.getInstance ("DSA") ; 
dsa.initVerify( (PublicKkKey) oisPublicCA.readObject ()); 
dsa.update(sc.certificateBA) ; 
boolean verified = dsa.verify(sc.certificateBASignature) ; 
return verified; 
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[RR KR KR Re eek ee ee ek ee ee eke ek kk kkk ek ek ke ek ke 
// File: GenerateDSAKeys.java 

// Name: fhiwRey J. Virden 

// Date: 29 November 1997 

// Advisor: Professor Dennis Volpano 

// System: Solaepme V2.5 JDK1.1.2 


[BR KK RR RR Ke ee eR kk ek ee eee ek ek eee ee eee ee ke ek ee kk ee ke ee kk ek 


import 
import 
import 
moor t 


GW Ge Oi 
java.security.*; 
java.net.*; 
agentUtil.*; 


Bublic static veld main(Sering Aljsargs) { 


// generate and store public and private keys 
ais Only produce one CA keypair and copy to other machines 


AgentCodeUtilityInterface util = new AgentCodeUtility(); 
generateAndStoreKeys (util.getLocation(), util.getLocation() + 


"seed string"); 
generateAndStoreKeys("CA", "CA seed string"); 


public static void generateAndStoreKeys (String name, 


String inputSeedString) { 


Cy 

Ei ae an 

// create files 

//--- "235 

FileOutputStream fosPrivate = new FileOutputStream("keys/" + 
Nee tee rivakeke yy 

FileOutputStream fosPublic = new FileOutputStream("keys/" + 
name + " publickKey"); 


ObjectOutputStream oosPrivate = new 
ObjectOutputStream(fosPrivate) ; 

ObjectOutputStream oosPublic = new 
ObjectOutputStream(fosPublic) ; 


ar 


String seedString = inputSeedString; 
byte[] seed seedString.getBytes() ; 


KeyPairGenerator keyGen = KeyPairGenerator.getinstance("DSA") ; 
keyGen.initialize(1024, new SecureRandom(seed) ) ; 


KeyPair pair = keyGen.generateKeyPair(); 
or 

// write keys to file 

a 

oosPrivate.writeObject (pair.getPrivate()); 


oosPublic.writeObject (pair.getPublic()); 
oosPrivate.close(); 
oosPublic.close(); 


} catch(NoSuchAlgorithmException e) { 
System.out.println("NoSuchAlgorithmException") ; 

} catch(java.io. IOException e) { 
System-out print n( LOException |), 


} 
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| [BRK RR Re eat kt kk kk kkk ek ok kk ee kek kek 


hy 
Oe 
ie 


Bale: MobileAgentSecurityMgr.java 

Name: LT Roy J. Virden 

Credit: This class is an adaptation of Professor Volpano’s 
code from the CS39/73 Advanced Object-Oriented 
Programming in Java course. 

Date: 29 November 1997 

Advisor: Professor Dennis Volpano 

System: Solarisuv2.o sobK1.1.2 


[ [BK RK KK ek ee ee ke ee ee kek kee ke ee ek ee ee ieee ee eee kee ke oe ke ie ele eke ae kee ke ek kek ke ke oe oe eke 


Pmpert java.io. *; 


cme ee ee ee ee ee ce me cm ew cr we ce cr we cr ew ce ee ee ee ee ee ee ee ee ee es ee cs ce ee ee ee ee ee ee ee 


class MobileAgentSecurityMgr extends SecurityManager { 


protected MobileAgentSecurityMgr() { 
super (); 
} 
// allow AgentCodeUtilityInterface fwdBytes to open a socket 


pulilTe VOideeheek@onnecr (string host, int port.) 
PublucmVeltGmeneekeCennec: (string host; int pore;eeojece Oo) (e), 


// allow creation of a new ClassLoader object 
public void checkCreateClassLoader() { } 
// allow active node server to listen on a port 
pPublieG void cheemAccept (String host, int port) 1} 
// prevent ExceptionInIinitializerError at server startup 
public void checkAccess(Thread t) { } 
public void checkAccess(ThreadGroup g) { } 
public votdecheckListen(ant port) { } 
Public vordmeneckiankiStering lib) { } 
public void checkPropertyAccess(String k) { } 
// allow getinputStream().read(buf) to receive incoming class 
public void checkRead(FileDescriptor fd) { } 
// allow getOutputStream() to forward a class 
public void checkWrite(FileDescriptor fd) { } 
public void checkRead(String file) { 
af () ( tile sendsWwith("java.security | 
file.endsWith(" publicKey”") 
| 
| 


Phe SnasWieh(  pravatekey 7) 
Pimecends Wien SCBA Certificate” } 
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iaedeex. 


file 


throw new 


} 


endsWith("destinationl") 


ul 
.endswWith ("destmmation2”) | | 
file. 


endsWith ("IntelData") ) 
SecurityException(file + " unreadable"); 


public void checkWrite(Strimg file 
if (! ( file sstantswienie, ema | | 
file.endsWith(" publicKey") 2 


throw new 


SecurityException(file + " unwritable"); 
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) 


[BK KR KK er I te ea RK ok kk ok ok ok ake 


aaa: StartAgent.java 

// Name: LT Roy J. Virden 
Fae: 29 November 1997 

// Advisor: Professor Dennis Volpano 
// System: Sellavie V2s55 JDK].1.2 


[OL KK Re ea I er kk RR RR RR kk kk kok ok 


PMpOrE Java.1O. 
import java.net.*; 
import jJava.Urade” ; 
import agentUtil.*; 
UNPOme, Jjava.SecuULLLy. ”; 


/ | ~------------------------------------------------------------------- 
// StartAgent class injects AgentCode.class into the home agent 

js server. Command: java StartAgent 

| |--------------------------------------- 5-555-255-2222 2-5-2255 ------- 


/ [-------------------- 
// main 
/ /-------------------- 
public static void main( String argv[] ) throws Exception { 
/ /---------- 
// access AgentCodeUtility methods 
/ /---------- 
AgentCodeUtilityInterface util = new AgentCodeUtility(); 
/ /---------- 
// build agentfolder 
/ /---------- 
AgentFolder af = new AgentFolder (); 
af.userID = "rjvirden”™; 
af.password = "password"; 


// get bytecode 

FileInputStream fis = new FileInputStream("AgentCode.class") ; 
byte[] bytecode = new byte[fis.available()]; 

fis.read (bytecode) ; 

System.out.printin("uploading agentCode:"); 


af.agentCodeBA = bytecode; 
AgentState as = new AgentState(); 
aS.initialVisit = true; 
af.agentStateBA = util.saveState(as); 
af.encrypted = is lees // true indicates agentData 
iy encrypted with sessionKey 
af.sessionKeyBA = ml // used to encrypt agentData 


y/ member 
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String destination = util.getLocation(); // initial home host 
util.fwdAgent (af, destination) ; 
System.out.printin("StartAgent finished"); 

// (goto AgentCodeUtility.java) 


} 
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S AGENTUTIL PACKAGE 


[OL BR RR KK RR kk ee ee ee ek ek ek ek ek kk ek kk ek kk kk ek dk kk kkk 


ea es AgentCodelInterface. java 
// Name: LT Roy J. Virden 

// Date: 10 November 1997 

// Advisor: Professor Dennis Volpano 
// System: Solarrsev2.5)  JDK1.1:2 


[ [BRK KKK RK RK RK eR ee ee ek kk ke ee ek ee ke ek kk kk kk ek kk ek kk kkk 


package agentUtil; 


public void exec(agentUtil.AgentFolder b, 
agentUtil.AgentCodeUtilityInterface u) 
throws Exception; 
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[OL BR RK RK Ke kk eek ee kk ke ek ke kk kkk kkk ok kk kkk kkk kkk kk kk ok kk 


// File: AgentCodeUtilityInterface. java 
// Name: LT Roy J. Virden 

// Date: 17 December 1997 

/} Bavilsor Professor Dennis Volpano 

// System: Solaris VZ5 sl Di ibe dee 


[ [BRK KK KR RR Rk kk ke ee ee te oe ke ee ke kk ek ke ek ek ek ee ok ke ek kkk kk ok kk ek kk dk kk 


package agentUtil; 


public void fwdAgent (AgentFolder b, String dest) throws Exception; 


public String getDestination(String nextDest) throws Exception; 


public String getData() throws Exception; 
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| [BK RK RK ke ek ek ee ke ke kk et ek kk kkk ek kk kk kk kk kk ke ke kk kok 


J 7 eee AgentFolder.java 

// Name: LT Roy J. Virden 

// Date: 16 November 1997 

/ / BROVESOr: Professor Dennis Volpano 
// System: Seteres V2.5 JDK1.1.2 


et Mite Die eR tietMetete Reet Meee Meee RRR RR RRR RRR Re RR Re Rte Rete e ee eee 


package agentUtil; 
import java-10."+ 


public class AgentFolder implements Serializable { 


public String userlD; 

public String password; 

public byte[] agentCodeBA; 
public byte[] agentStateBA; 
public boolean encrypted = false; 
public byte[] sessionKeyBA; 
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J [KR KK Rk ee eee kk keke kk ke ke ke de ek kk ek ok kkk kkk kkk kkk ok ok ek kk kk kek 


File: AgentPacket.java 

Name: LT Roy J. Virden 

Date: 24 November 1997 
Advisor: Professor Dennis Volpano 
System: Solaris V2.5 JJDKi@eee 
Description: 


J [BRK KK ke ke ee ke ee ek ek ke tek tee ok eek tek eke kee ke oe eke ek kkk tee kk ek kk kee de ok ke ake oe oe 


package agentUtil; 
import java.io0.*; 


public class AgentPacket implements Serializable { 


public boolean certificateRequestReply = false; 
public byte[] agentFolderBA; 

public byte[] agentFolderBASignature; 

public byte[] signedCertificateBA; 


fo 

// AgentPacket Certification Request or Reply constructor 
ey (for debug) 

Oe a ee a 


public AgentPacket (boolean r) { 


certificateRequestReply = r; 


public AgentPacket (boolean r, byte[] b) { 


SignedCertificateBA = b; 


public AgentPacket(byte[] b, byte[] s) { 
certificateRequestReply = false; 


agentFolderBA = b; 
agentFolderBASignature = s; 
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[LB RK RR ke eR eR I ke kk OR Rk Ok ek Rk Rk kK kK kk kk kk kok kk ok 


// File: AgentState.java 

// Name: LT Roy J. Virden 

// Date: 16 December 1997 

// Advisor: Professor Dennis Volpano 
// System: Selomissv2a5) JDK1.1).2 


[ [BRR RK RK KK RK ek ee ek tek ek ek ke dee de ek ok eke ee ede ee ee eR kkk Kk ok ek kk kk kk 


package agentUtil; 
Import java. Low <, 


public class AgentState implements Serializable { 
public boolean initialVisit; 


public String tempDestination; 
public String collectedData; 


67 


[| RK RK RR II I II I I I II IO I OR IO RO ok kk kk kok 


// File: CodeLoader.java 

// Name: LT Roy J. Virden 

{7 Creedates This class was authored by Professor Volpano and 
// distributed in his CS3973 Advanced Object-Oriented 
he Programming in Java course. 

// Date: 10 November 1997 

// Advisor: Professor Dennis Volpano 

// System: Solaris, V245 J0Ki- 1-2 


| [BRK RK RR I FRI III II I I Ik tI tk kt kk kk ok kek 


package agentUtil; 
Mipert java.util.*; 


public class CodeLoader { 
public AgentCodeInterface getActive(byte[] b) throws 
InstantiationException, 
ITllegalAccessException, 
ClassCastException 
ProgramLoader loader = new ProgramLoader (); 


Class classOf = loader.defClass(b, 0, b.length); 


return (AgentCodeInterface)classOf.newInstance(); 


class ProgramLoader extends ClassLoader { 
private Hashtable Classes = new Hashtable(); 


// need defClass since defineClass is protected and hence 
// inaccessible to CodeLoader which is in package active 


publwe Class GdefClass (byteliimb,s int off, int ben)) { 
return this.defineClass(b, off, len); 


} 


public Class loadClass(String name, boolean resolve) 
throws ClassNotFoundException 
{ 
try 4 
Class newClass = (Class)Classes.get (name) ; 
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if (newClass == null) { // not yet loaded 


newClass = findSystemClass (name) ; 
if (newClass != null) 
return newClass; 


// class not found -- need to load it 
newClass = Class.forName (name) ; 
Classes.put (name, newClass) ; 

} 


return newClass; 


} catch(ClassNotFoundException e) { 


} 


throw new ClassNotFoundException(e.toString()); 
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[KK RR aK ek ek ret RR tk kK tI I tI kt I tO kkk kk te ok 


(7 ex les CPUScheduler.java 

// Name: LT Roy J. Virden 

Ls GEeai ia: This class is adapted from a scheduler in Java Threads 
lee authored by Scott Oaks and Henry Wong (Oaks, 1997). 
//seabe-: 10 November 1997 

// Advisor: Professor Dennis Volpano 

// System: SolarisW2.5 JDK .e2 


[ [BRK KKK KR eR a i ete eee ee tek tee ek kk kk ek ea He i ek kk 


package agentUtil; 


// class CPUScheduler is a round-robin thread scheduler 
public class CPUScheduler extends Thread { 


private int timeslice; // * of millis thread should cum 
private Queue threadQueue; // all the threads to be run 
private static boolean initialized = false; 


j// Greate a scheauterm nam th timeslice tc 
public CPuUSchediter ime ct) { 


aL aF 


(isInitialized()) 
throw new SecurityException("Already initialized"); 


threadQueue = new Queue(); 
timeslice =; 
SECPraori ty (6) | 

setDaemon (true) ; 


} 


// test for existing scheduler 
private synchronized static boolean isInitialized() { 


at 


(inte ali Zed) 
return true; 


initialized = true; 
return false: 


// add a thread to the scheduler's thread queue 
public synchronized void addThread(Thread t) { 


[6 A eyene eneakene ste 22) ae 
threadQueue = threadQueue.insertQ(t); 


// schedules threadQueue 
publicwverderun(). { 


Thread current = null; 


while (true) { 


synchronized (this) { 
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while (threadQueue.isemptyQ()) { 
Gry a 
this.wait (); 
} catch (InterruptedException ie) { } 


} 


current = (Thread) threadQueue.frontQ(); 
threadQueuve = threadQueue.leaveQ(); 

} 

Cry et 


Current, SCCPrioricy (4) ; 
b Gatch, (Exception e) { continue; }; // don @ireomeeeue thread 


Crys 
Thread.sleep(timeslice) ; 
} catch (InterruptedException ie) { }; 


ery 1 
current.setPriority(2); 
} catch (Exception e) { continue; }; // don't reinsert thread 


synchronized (this) 
threadQueuve = threadQueue.insertQO(current); 


} 
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[ [RRR RK RK KR KR RK KR RK kK kk ek kk kk kkk ek kk kk Rk kk kkk kk kkk 


{/ file: PrincipalHost.java 

// Name: LT Roy J. Virden 

// Date: 25 November 1997 

/ /OROVISGr : Professor Dennis Volpano 
// System: Solariss ¥255 JDK ig 


J [KR RR RR RK Rk Re kk ke ek kk ek dee ek kk ede kk kk kek kk kkk ok 


package agentUtil; 
import java.net.*; 
mipet: Javas:1o.*; 


IMPOrt Java. Utell ,*; 
mpeOrt |aVa.SeCCUT Ilya ae, 


public class PrincipalHost implements Principal, 


String name; 


Publ Ves Prime palHoeskt (String namein) <{ 
this.name = namelin; 


public boolean equals(Object o) { 
String nameIn = (String) (0); 


Serializable { 


boolean match = this.getName().equals(namelIn) ; 


return match; 


public String getName() { 
return this.name; 


public int hashCode() { 
return QO; 


} 
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publi Cwgieeing CoStaarng() 
return this.getName(); 


} 


{ 


ie 


[OL BK RK ek eke ee kk kk kk ek kkk ok ek 


7 eve: Queue.java 

// Name: LT Roy J. Virden 

/}/ PeGedac : This class was authored by Professor Volpano and 
ii distributed in his CS3973 Advanced Object-Oriented 
Ve! Programming in Java course. 

// Date: 10 November 1997 

// Advisor: Professor Dennis Volpano 

// System: Sollaris V2.9.) JDK eae 


[| BR KR KR RR Re kk keke ek ee ee eke ee ke kee ee ek ee ke ke ee ee ee ek ke kk 


package agentUtil; 
import java.1lo.*; 


public class Queue { 


private Object data; 
private Queue next; 


// constructor for an empty Queue 
public Queue() { 

this.data = null; 

this.next = this; 


// inserts object at back of queue 
public synchronized Queue insertQ(Object object) { 


Queue newNode = new Queue(); 
this.data = object; 
newNode.next = this.next; 


this.next = newNode; 


return newNode; 


// returns object at front of queue 
public synchronized Object frontQ() { 


GetuUrn tenis. mext. Gata, 


// delete object at front of queue 
public synchronized Queue leaveQ() { 


if (isemptyQ()) { } 
else { 
this.next = this.next.next; 


} 


return eas: 
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// returns true if queue is empty 
public synchronized boolean isemptyQ() { 


if (this.next == this) { 
return Eruce, 


} 
else { 
return false; 


} 


// provides output of Queue 
PublvewsyMehrenized String ~Tostring() { 


Stwingd S*= "new otring( '\n") > 


for (Queue q = this.next; gq != this; q = q.next) 
se=9s + QO. data, tootring() + °"\n": 


return gs + "---"; 
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[KK KK ke ek kk kk RO I IIR ORR kk OK kkk kk ok kkk kkk kk 


// File: SignedCertificate.java 
// Name: LT Roy J. Virden 

/7 Date: 24 November 1997 

// PEGwSOE: Professor Dennis Volpano 
// System: Solarise v2.5 S JDK Iie 


Jom semi pLion: 
[BK RK ek RR kk kk kk kkk kk kk ok kk kk ok kk kk kek ok 


package agentUtil; 
imgert javacio. *; 


public class SignedCertificate implements Serializable { 


public byte[] certificateBA; 
public byte[] certificateBASignature; 
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4. MISCELLANEOUS 


[LKR KK RR Re eo eo ee kk te ek kk ok kk ok kk kok kk ok kk kkk kk kk kk kk kk kk kkk kkk kok 


// File: data (header not included in data file) 
// Name: LT Roy J. Virden 

// Date: 29 November 1997 

// Advisor: Professor Dennis Volpano 

// System: SQ@larms V2.5  JDK1.1.2 


[O&K RRR Rk RR Ke ke eR ke RR kk ek ke kk eek kk ok ek kk kk eke ok kk kek kk kk kk Kk kk Kk ek ke 


Two F-4 aircraft departed Airfield Alpha at 10032 


77 


[BK KR RR kk ee ee kk kek ee ke kek ee ee ek ke ke ek ke kek kee kk ke kk kk ek ek kk kk 


if ive: dest (header not included in dest file) 
// Name: LT Roy J. Virden 

// Date: 29 November 1997 

// Advisor: Professor Dennis Volpano 

// System: Solaris V2.5 “JDKI Siz 


[ [RRR RR KKK KK KKK KKK KKK KEKK KKK KKK KKK KKK KEKKKHEKKKKKKK KKK KKK KK RK KKK KR KKK KK kK 


roel40206.ce.nos.navy.mil 
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[Of BR KR kk ee ee ee ee ee ee ke a ke eek eke ke kkk ee kk ete ke eke 


ye paalelgay typescript (this header not included in printout) 
// Name: LT Roy J. Virden 

Date: 29 November 1997 

// Advisor: Professor Dennis Volpano 

// System: Solaris V2.5 -JDK1.1.2 


[®t ee ee eke te ee te etek eek ke ke eke ke eke eke ke eke tee ok ee eke keke te ee ke ok ke te dee 


<114 ropub3(Solaris) /test/prototype3> java StartAgent 
uploading agentCode: 

Destination Authenticated 

agentPacket forwarded to rol140203.cc.nps.navy.mil 
StartAgent finished 


APS: ap.certificateRequestReply = true 

APS: agentFolder verified! 

agentCode: I'm at Home (ro140203.cc.nps.navy.mil) 
agentCode: sleeping 2 seconds. : 

agentCode: forwarding agent to TIHO (ro140204) 
Destination Authenticated 

agentPacket forwarded to rol40204.cc.nps.navy.mil 


APS: ap.certificateRequestReply = true 

APS: agentFolder verified! 

agentCode: I have returned Home (rol40203.cc.nps.navy.mil) 
agentCode: sleeping 2 seconds. 

agentCode: Here is the data you requested: 

agentCode: Two F-4 aircraft departed Airfield Alpha at 10032 


APS: ap.certificateRequestReply = true 

APS: agentFolder verified! 

agentCode: I have returned Home (ro140203.cc.nps.navy.mil) 
agentCode: sleeping 2 seconds. 

agentCode: Here is the data you requested: 

agentCode: Three F-4 aircraft departed Airfield Alpha at 10152 


fs, 
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